[HN Gopher] NetBox: a source of truth for everything on your net...
___________________________________________________________________
NetBox: a source of truth for everything on your network
Author : dpcx
Score : 193 points
Date : 2024-02-06 13:49 UTC (9 hours ago)
(HTM) web link (netbox.dev)
(TXT) w3m dump (netbox.dev)
| sea-gold wrote:
| I haven't had a chance to play with this, but it looks really
| cool (and is actively developed).
| Octabrain wrote:
| I've never used it although I've been aware of its existence for
| a long time. It's great to see a tool actively developed that
| uses a boring-yet-great-and-well-known framework (Django +
| Templates). Ironically, it's refreshing to see that stack in a
| world of JS frameworks, microservices and what not.
| maxboone wrote:
| Its frontend uses a JS framework though [1], and transpiles it
| to the static directory. It's HTMX though, which is refreshing
| to see.
|
| [1] https://github.com/netbox-community/netbox/tree/develop/netb...
| jonpurdy wrote:
| I actually used this when it first came out in 2016; it was
| developed by a DevOps person at DigitalOcean as a hobby project
| (IIRC).
|
| My use at work was just a subset of features (IP and hostname),
| but I ended up using its Postgres DB as a source for SSH key
| deployment scripts (these days (maybe back then too) much easier
| to do with Ansible).
|
| Glad to see it's still actively developed and has a ton of
| features, yet seems to still be great at its core features!
| 000ooo000 wrote:
| In case you were struggling to find anything meaningful on the
| site regarding what netbox actually is:
|
| >NetBox is the leading solution for modeling and documenting
| modern networks. By combining the traditional disciplines of IP
| address management (IPAM) and datacenter infrastructure
| management (DCIM) with powerful APIs and extensions, NetBox
| provides the ideal "source of truth" to power network automation.
| jethro_tell wrote:
| There are a lot of DCIMs out there; where netbox really shines
| is that it's got a decent API and is pretty flexible.
|
| We use it as a front end for managing physical datacenters with
| a host of services that take or store their state in netbox.
|
| Services check boot targets, hosttypes, connected switch and
| power ports, the service and role a host will or does provide,
| lifecycle tracking, etc . . .
|
| And, we can give it to our physical datacenter techs and they
| just set the fields and boot the host.
|
| It's a really nice way to manage a front end, because netbox
| handles things like ldap and UI and we just write services that
| make the datacenter look like netbox.
| NewJazz wrote:
| My company went with opendcim over netbox a few years back
| and filled in the gaps with a custom database and app. We are
| now migrating a lot of our data into netbox and wondering why
| we didn't do that in the first place.
| jesperwe wrote:
| "The site" is actually just their blog. The github repo at
| https://github.com/netbox-community/netbox is more like the
| real homepage and has a good presentation.
| HeckFeck wrote:
| Oh. A pity. In my head it would've been something like a poor
| man's SIEM, monitoring traffic and keeping track of who has
| been accessing what on my home network.
|
| Hence, a source of truth. The mysterious machinations of the
| modern datagram hailstorm quantified and exposed.
| whalesalad wrote:
| gh repo is a bit better on details, and has screenshots:
| https://github.com/netbox-community/netbox
|
| There is a demo instance here: https://demo.netbox.dev/
| samstave wrote:
| demo demo is login
| xela79 wrote:
| test/test also works :)
| Shank wrote:
| Neither of these credentials work anymore. Perhaps someone
| changed them?
| samstave wrote:
| Phuck those people.
|
| Yeah - I should have gone to ADMIN panel asap.. but
| didn't...
|
| https://i.imgur.com/cJnE5qZ.png
|
| Yeah they 14-year-old-haxxd themselves.
|
| HHAH
| ta1243 wrote:
| It's admin/admin, same as my live one
| samstave wrote:
| I wonder where demo demo is set in git repo?
| tw04 wrote:
| I struggle with netbox. I understand their theory of separation
| of duties, but without it doing DDI and without it having native
| integration into all the major dns players the usefulness is
| questionable to me. Relying on people to always update the source
| of truth never actually works in practice in an organization of
| any size.
| SteveNuts wrote:
| There are Ansible and Terraform modules, the source of truth
| should be kept up to date by your automation.
|
| There are also reports you can write to catch any data issues.
| tw04 wrote:
| I fundamentally disagree. The source of truth should be
| natively updating my components, not a script that may or may
| not break with the next update which has 0 support available.
|
| Given the repeated asks on the GitHub issues, I'm confident
| I'm not alone in that belief.
|
| Infoblox doesn't tell me to write a terraform script to
| update AD/dns and vice versa, they built it into the product.
| SteveNuts wrote:
| Netbox isn't really a DHCP/DNS server and doesn't claim to
| be. You don't have to use its IPAM features if you want to
| use Infoblox instead.
|
| Netbox has a lot of great features for documenting your
| infrastructure even if you don't use IPAM - which Infoblox
| does not do at all.
| tw04 wrote:
| I understand what it currently does. I'm saying they're
| missing the mark and should finish building out the tool.
| I don't want a separate tool for each.
| jeffg-nbl wrote:
| Our current focus, with our current resources, is on core
| functionality. We want to nail that and then grow our
| roadmap deliberately, rather than go off and add a bunch
| of half-finished features just to tick some checkboxes.
| In the meantime, plugin builders are doing an amazing job
| tackling things like BGP community / session / policy
| management, DNS record management, and device ACL
| management.
| hacker_newz wrote:
| In practice nothing should work without the source of truth
| being updated.
| zamadatix wrote:
| I think that's two ways of saying the same thing - that
| NetBox isn't integrated into anything which forces it into
| being the source of truth. It's just a place updates
| sometimes get sent to.
|
| This was my main problem with NetBox as well.
| midasuni wrote:
| Your ansible (salt, chef, whatever) inventories should be
| generated from your source of truth, then when they run
| they should apply against your infrastructure.
|
| You shouldn't be able to make any changes without driving
| them through the source of truth.
| zamadatix wrote:
| This is great if your source of truth can be NetBox alone
| but if NetBox is just a destination for generated
| workflows relying on things like actual DDI, which is
| what's actually required for the workflow, as the source
| of truth the idea everyone will remember to update and
| clean up NetBox falls apart.
|
| Not to mention not every place can be assumed to declare
| their entire infrastructure in ansible, chef or
| whathaveyou. If IT people everywhere got the time to
| redeploy their entire infrastructures only with what
| works for best practices to make their lives easier then
| IT people would probably be a lot happier :).
| samcat116 wrote:
| Can't say enough good things about Netbox. Really solid project.
| candiddevmike wrote:
| Prior to NetBox I spent quite a bit of time with RackTables. It was
| mostly manual documentation but really tickled my OCD itch
| (lovingly referred to as CrackTables), and it was really simple
| to use. https://www.racktables.org/
| lukevp wrote:
| Any comparison to PhpIPAM? That's the only other open source IPAM
| I've used. Does this support scanning the networks as well?
| samcat116 wrote:
| It doesn't, but it's significantly more actively developed than
| PhpIPAM. There are also scanning plugins you can add.
| xwowsersx wrote:
| Linking to docs since I could not tell what this was from the
| linked page https://docs.netbox.dev/en/stable/
| twiclo wrote:
| I'm intimately familiar with Netbox. It has been the backbone of
| our WISP for going on 6 years. I just finished a long project
| where I had to do the first update to it in 5 years (a problem I
| inherited) and while it was painful to get everything ready on
| our end, I couldn't be happier with Netbox's side of things. The
| maintainers were able to easily answer questions on database
| design from 5 years ago. Great guys, great software.
| chpwssn wrote:
| My group has been running netbox for a few months now and it's
| been useful for keeping track of departmental address allocations
| and half a dozen racks of equipment. One note we've learned
| though: either host it offsite or set up an access point/laptop
| that you know will let you access it during a local outage.
| this_xor_that wrote:
| My org switched over to the Nautobot fork for the long term
| support aspect and integration with our other enterprise apps,
| both products are pretty great.
|
| EDIT: should note we are using the on-prem version, not
| cloud/SaaS.
| maxboone wrote:
| Great tool, moved our IPAM to it at a major hosting company in
| the Netherlands a couple years ago.
|
| Used a replicated PostgreSQL database and a Redis cluster (we
| went for KeyDB for HA) backing it and it's HA.
| klysm wrote:
| Is it valid to just use IaC as the source of truth? That's where
| I do all my IPAM
| FL410 wrote:
| NetBox is awesome, super powerful.
|
| I'm also really excited about the recently (like last week) added
| IPAM/Rack management in Hudu (kind of like IT Glue). It's pretty
| rudimentary but they seem to iterate quickly and that will be a
| great option for people who do IPAM/rack documentation for many
| customers.
| jeffg-nbl wrote:
| Hey, I'm a product manager at NetBox Labs, the commercial
| stewards of the NetBox project. It's great to see such nice and
| useful feedback.
|
| We're not even a year old yet as a company, and we know that it's
| currently not easy to find details on netbox.dev, and we're in
| the middle of a project to address that. In the meantime, I hope
| you'll check out the resources hosted on https://netboxlabs.com.
|
| There's also a slack workspace at
| https://netdev-community.slack.com/ where you can interact with
| me and my colleagues. I'm @Jeff Gehlbach.
| frellus wrote:
| Somehow I had no idea that there was a commercial SaaS version
| of Netbox, as I've been using the OSS version for years hosted
| internally.
|
| Feedback: the pricing is completely whacked, IMHO. I got
| excited that I could move to someone else supporting Netbox
| instead of my team, however due to the number of devices I
| have, I would have to use the middle license tier -- that's
| listed as $20,000/yr. This isn't a $20,000/yr problem to me, it
| would be impossible to justify this to my management, sadly.
|
| Just my feedback on your pricing. Netbox itself, the code and
| the absolutely stunning dev velocity is inspiring, but unless
| pricing were drastically lower I couldn't go for it. Would
| otherwise love to support.
| jeffg-nbl wrote:
| Thanks for the kind words! I'm specifically attached to
| NetBox Open Source, and will pass along the compliments to
| the dev team.
|
| And yeah, the pricing for NetBox Cloud isn't a fit for every
| use case. That product isn't the only thing we've got
| cooking; stay tuned :)
| snerbles wrote:
| That's comparable to Device42 and Sunbird - what you're
| really paying for is "one throat to choke". In an enterprise
| environment, that's pennies.
|
| In prior roles I've seen NetBox explicitly vetoed in favor of
| technically inferior solutions because there was no available
| support contract at the time. Also, Sunbird has fancy 3D rack
| renders, and that's management catnip.
| dboreham wrote:
| Just one datapoint: charging only $20k/yr to take the heat
| for running a mission critical service for an enterprise
| customer seems very low to me.
| downrightmike wrote:
| I had to dig to a wiki to see what the interface looks like,
| would like it on the homepage.
| jeffg-nbl wrote:
| Noted, thanks for the feedback. I'll make sure that we get
| some visuals in a place that's easier to find.
| jsz0 wrote:
| Hey, if you're ever looking for any DevOps people with a network
| engineering background, LMK. I'm a big fan of NetBox; I think it's
| something I'd enjoy working on.
| etc-hosts wrote:
| How does this compare to Infoblox?
| karolist wrote:
| it's free but you don't get consultants visiting you and taking
| your team for drinks so there's that
| hash07e wrote:
| I would love some screenshots
| mrmrcoleman wrote:
| You can peruse the demo instance here:
| https://netbox-demo.netboxlabs.com/
|
| admin:admin
| oriettaxx wrote:
| Is netbox intended to be some kind of "source of truth"?
|
| I mean, if MyVM has today IP: 10.10.10.200, and tomorrow somebody
| changes that IP,
|
| * should I expect Netbox to change the IP assigned to MyVM?
|
| Does Netbox do some kind of auto-discovery? or that's not its
| role?
|
| Can Netbox ping my VM to know if they are UP, or that's not its
| role?
| jeffg-nbl wrote:
| NetBox is indeed intended as a source of truth. It is tightly
| focused on being the very best DCIM + IPAM solution it can be,
| which means that discovery / reconciliation and assurance /
| monitoring are not a problem we're currently trying to solve.
|
| Other products do those things well, and can integrate with
| NetBox via our extensibility facilities including API, plugins,
| and scripts. In fact, we just announced partnerships with a
| couple of vendors that do those very things:
| https://netboxlabs.com/news/strategic-partnerships-reduce-ad...
| oriettaxx wrote:
| ok, very good, thanks.
|
| So, (sorry I probably should read the docs, and I will, but
| I'm pretty curious now) the day we implement it, we have to
| plan to add all our data by hand, am I right? (IP, subnets,
| details on routes/routers, switches, login URI, notes,
| locations, etc. etc.)
| jeffg-nbl wrote:
| For an introduction to life with NetBox that is fast-moving
| and gentle, yet fairly comprehensive, check out our "Zero
| to Hero" course: https://netboxlabs.com/zero-to-hero/
| midasuni wrote:
| A source of truth should only be changed based on a deliberate
| controlled action. Your VM shouldn't be changing IPs, if
| "somebody" changes it you have a chaotic network and you just
| want a network discovery tool.
|
| The change to the VM's IP should be done through an auditable
| change process (like a pull request). If the VM doesn't match
| the source of truth, the VM is wrong, not the source of truth.
|
| That PR process would also update your telegraf plugins to
| ensure that the new IP is being monitored etc.
|
| Netbox won't change the process, your automation (an ansible
| playbook perhaps) would do the change based on the information
| in the source of truth.
|
| Now it's possible you only have a couple dozen hosts and a
| handful of networks and thus your source of truth could be an
| inventory file, that's a reasonable solution. When you have
| dozens or hundreds of switches and hosts in the thousands or
| more range, I would prefer to have a UI wrapped around that
| file though, with various links between different locations,
| switch ports, MDU outputs, etc, that's where netbox comes in.
| Your grafana dashboard can take the physical location and tie
| in with your various monitoring (host and environment) to
| identify a problem in a specific part of your data centre
| quickly and reliably, as netbox knows what rack the host is in,
| what switch it's connected to, etc.
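
The reconciliation described in the comment above ("if the VM doesn't match the source of truth, the VM is wrong"), sketched as an added example that is not part of the thread or of NetBox's own code. The record shape, the helper names `intended_state` and `find_drift`, and all sample data are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample, shaped like NetBox virtual-machine objects (assumed
# fields: name, status.value, primary_ip4.address).
SOURCE_OF_TRUTH = [
    {"name": "MyVM", "status": {"value": "active"},
     "primary_ip4": {"address": "10.10.10.200/24"}},
    {"name": "db01", "status": {"value": "active"},
     "primary_ip4": {"address": "10.10.10.20/24"}},
    {"name": "old-build", "status": {"value": "decommissioning"},
     "primary_ip4": {"address": "10.10.10.30/24"}},
    {"name": "web01", "status": {"value": "active"}, "primary_ip4": None},
]

# Constructed sample: what a discovery or monitoring tool reports as live.
OBSERVED = {
    "MyVM": "10.10.10.201",      # changed by hand, outside the change process
    "db01": "10.10.10.20",
    "old-build": "10.10.10.30",  # still answering while being decommissioned
    "rogue-box": "10.10.10.77",  # never recorded
}

def intended_state(records):
    """Map hostname -> intended IP (or None) for hosts that should be live."""
    intended = {}
    for rec in records:
        if rec["status"]["value"] != "active":
            continue
        ip = rec.get("primary_ip4")
        # Addresses carry a prefix length; compare on the host part only.
        intended[rec["name"]] = (
            str(ipaddress.ip_interface(ip["address"]).ip) if ip else None)
    return intended

def find_drift(records, observed):
    """Return sorted (kind, host, intended_ip, observed_ip) findings."""
    intended = intended_state(records)
    findings = []
    for host, seen_ip in observed.items():
        if host not in intended:
            findings.append(("unexpected", host, None, seen_ip))
        elif intended[host] != seen_ip:
            findings.append(("ip-mismatch", host, intended[host], seen_ip))
    for host, want_ip in intended.items():
        if host not in observed:
            findings.append(("missing", host, want_ip, None))
    return sorted(findings, key=lambda f: (f[0], f[1]))

for finding in find_drift(SOURCE_OF_TRUTH, OBSERVED):
    print(*finding)
```

Every finding is treated as a fault in the live environment, not as a reason to rewrite the record: the record changes only through the audited change process.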
| cwk9 wrote:
| Netbox is amazing. I'm never going back to spreadsheets and
| Visio.
| jethro_tell wrote:
| Man, there are so many dots along the pathway between
| spreadsheets and netbox. You make it sound as if it's the only
| DCIM ever made.
| borlox wrote:
| Great tool, we're heavily relying on it for our network
| automation and have some custom plugins running.
| dang wrote:
| Related:
|
| _NetBox: Infrastructure resource modeling application for
| network automation_ -
| https://news.ycombinator.com/item?id=28264828 - Aug 2021 (11
| comments)
|
| _NetBox - DigitalOcean's IPAM and DCIM tool - open sourced_ -
| https://news.ycombinator.com/item?id=11986828 - June 2016 (4
| comments)
| jsz0 wrote:
| Big fan of NetBox; I'm not even sure how I'd manage modern
| infrastructures without it. Unless your environment happens to be
| very static it's a huge time sink to document a network using
| old-fashioned Visio diagrams. The initial setup of NetBox can be
| quite an undertaking though. As long as you secure them properly
| CDP/LLDP/etc make the process much easier. One general rule of
| advice: make sure you keep good backups of your NetBox because
| it's easy to make changes with unintended consequences that take
| a lot of time to manually back out.
| gjvc wrote:
| for the love of god please vote for this missing feature
| https://github.com/netbox-community/netbox/issues/11721 and save
| me from having to use nautobot instead, (which might actually be
| better long-run, hm)
___________________________________________________________________
(page generated 2024-02-06 23:01 UTC)